Timely Responses Required for Requests under HIPAA’s Right of Access Rule - Bim Group

Timely Responses Required for Requests under HIPAA’s Right of Access Rule

HIPAA

Share this post:

Linkedin

READ TIME: 4 MINUTES

On December 15, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), announced a settlement under the Health Insurance Portability & Accountability Act (HIPAA) Right of Access Rule. This penalty illustrates that the Right of Access Rule remains a focus of HHS and that health plans, health care providers, and other covered entities should confirm their own organization’s timely delivery of documents upon request.

The Right of Access Rule
HIPAA requires that individuals or their personal representatives have timely access to their protected health information for a reasonable cost. This rule generally requires that a health plan or other covered entity provide copies of (or other acceptable access to) requested protected health information within 30 days of receiving the request if that information is considered part of a “designated record set.”

A “designated record set” is generally defined to include protected health information that is maintained, collected, used, or disseminated by a health plan or other covered entity that consists of:

  • Medical records and billing records about individuals maintained by or for a covered health care provider
  • Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan
  • Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals

There are two narrow exceptions to the Right of Access Rule for psychotherapy notes and information compiled in reasonable anticipation of, or for use in, a civil, criminal, or certain administrative actions.

Recent Settlement

In 2022, OCR initiated an investigation of six separate complaints that Optum Medical Care of New Jersey failed to provide timely access to medical records when requested by an adult patient or by the parent of minor patients. OCR determined that patients received the requested records up to 231 days after submitting their requests, which exceeded the permitted response time under the Right of Access Rule. Accordingly, OCR determined this failure was a potential HIPAA violation and entered into a resolution agreement for a $160,000 penalty and implementation of a corrective action plan.

Action Items for Employers

In light of the requirements of the Right of Access Rule and continued complaints received by OCR, health plans, health care providers, and other covered entities should:

  • Review current policies and notices to ensure compliance with HIPAA requirements.
  • Review and verify that appropriate procedures are in place to ensure that requested documentation can be produced in a timely fashion upon request.
  • Verify the current contact information for the party responsible for receiving and responding to protected health information requests.
  • Ensure appropriate processes, procedures, and training are in place to ensure all necessary staff understands and is able to comply with the Right of Access Rule.

Recent Insights

May 7, 2024
DOL, ERISA

Inflation Adjusted Penalties for Health and Welfare Plans

READ TIME: 5 MINUTES The Department of Labor (DOL) recently released a final rule providing the adjusted civil penalty amounts for certain health and welfare plan violations assessed after January 15, 2024. The Employee Retirement Income Security Act (ERISA) provides for the imposition of penalties for a number of plan-related failures or administrative errors and […]
Read more
May 7, 2024
Compliance Alert

April 2024 Compliance Recap

READ TIME: 7 MINUTES In April, a ban went into effect for most non-compete clauses, and the Centers for Medicare and Medicaid Services (CMS) portal opened for RxDC reporting submissions due June 1, 2024. The Equal Employment Opportunity Commission (EEOC) released final regulations mandating how employers with 15 or more employees must handle accommodation requests […]
Read more
April 22, 2024
News

Do You Know Where Your Employees Are? Managing Taxes for a Growing Remote Workforce

READ TIME: 5 MINUTES Remote work remains a growing focus of employers with employees increasingly seeking jobs that permit remote or hybrid work arrangements. Though the flexibility and benefits of remote work for employees is highly desired, it comes with some additional considerations and potential tax complications for the employer. State Income Tax Withholding Considerations […]
Read more
April 22, 2024
COBRA, Compliance Alert

Group Health Plan Guide to COBRA

The Consolidated Omnibus Budget Reconciliation Act (COBRA) gives workers and their families who lose their health benefits due to job loss, reduction in hours, death, divorce, and other life events the right to choose to temporarily continue health benefits provided by their group health plan. This guide includes: Employers required to offer COBRA Plan types […]
Read more